Interview: Anthony Hess, CFC Underwriting

It’s very easy to Google yourself or your company name to see what results appear, but what would you do if the discussion on your company was on the often-unseen dark web?

I recently became aware of a UK cybersecurity company named RepKnight, whose software provides real-time cyber intelligence across a wide range of open source, social media and dark web sites to keep users safe from internal and external threats. It's dark web monitoring product BreachAlert helps users discover the things that they weren't expecting to find.

This is all very well, but how is it being used? A recent partnership between RepKnight and CFC Underwriting saw the launch of CFC BreachAlert, a free dark web monitoring tool for CFC’s cyber insurance policyholders that notifies policyholders if any of their data is posted on the dark web in real-time or hundreds of other data breach, leak and dump sites.

CFC BreachAlert can be configured to monitor the dark web for corporate email domains, employee login credentials, server IP addresses and lists of clients or employees, and policyholders can use keyword expressions to search for mentions of their company or product names on the dark web, as well as 'watermarks' or 'fingerprints' added into their in-house data.

CFC Underwriting has diversified its cyber-insurance offering to include new risk management services and as a result was “well placed to do well in it”, said Anthony Hess, head of incident response at CFC Underwriting.

Speaking to Infosecurity, Hess said that this will provide 24x7 monitoring and instant notifications via email, Slack or HipChat, and ensure that policyholders will be the first to know if their information has been leaked.

“We talked to RepKnight in 2016 and we were evaluating different threat intelligence tools on the incident response side and ended up not selecting any intelligence portal, but we talked about a breach monitoring capability for insurance, and RepKnight appeared and said it had the new tool so we looked at it and asked if they could make it a little simpler. So we went through the program during spring/summer 2017 and we liked the simple to use search capability for ‘dark web’ leaked data.”

Hess explained that this was built for CFC Underwriting, and this has a specific user interface to be customized and allows the user to create searches quickly.

“For us there is a lot of different intelligence portals for inside the security operations center (SOC), and what is interesting to us is to have a basic and simple tool that focused on doing this, and especially that SME insurance can use and find the most value from. We also liked the willingness of RepKnight to work with us to create a tool that we thought SME insurance would find useful.”

Asked if he felt that dumps of data on Pastebin was a major problem, Hess said that we are seeing fewer things leaked to ‘bin’ sites and perhaps people are leaking databases and cannot sell it on the dark web market, so choose to dump it instead.

So how does this work with cyber-insurance? Hess explained that one thing CFC Underwriting wanted to do was discover if they had been breached and be able to reduce the impact, and if you’re a big company you’ll be looking on the web for whether your data had been leaked – what CFC is doing is pushing the capability out for smaller companies.

Was this something that was asked for? “It is not something that they asked for, but it is something we were looking at,” he said. “What are big companies doing, and how can we as an insurance company act as a MSSP for free to a lot of smaller businesses and what kind of things are of interest to them? So it is not being asked for, but it's something useful as I worked in the SOC and it is based on thought process of a ‘SOC does this, but a small company doesn’t do this so what can we do with those sorts of things’. So we’re trying to be realistic on what the software can do for a company.”

The potential for BreachAlert seems wide: a RepKnight spokesperson told Infosecurity that there was general interest in getting more bespoke versions of the product, in particular where people are worried about data breaches.

With a matter of months to go until GDPR becomes the law and reporting data breaches becomes mandatory, it’s good to see one company offering a service that can aid with detection.